Re: Getting X509 Certificates from PKCS#7



CAPICOM can be distributed with your application; see
http://msdn2.microsoft.com/en-us/library/Aa382434.aspx.

For "VC 2005 standard Crypto libraries" you are in the wrong group (and
native CryptoAPI is very hard from VB6). And if you're using a .NET
compiler, why not use the .NET framework's support?

Under CAPICOM, you can merely iterate through the Certificates collection
retrieved from the Store object. See "Using Certificate Stores" in the
Platform SDK under "Using CAPICOM" for samples using various sources (you
didn't say what yours was).

<jaslong@xxxxxxxxxxx> wrote in message
news:1180123346.255188.301490@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I'm using the CAPI revocation function CertVerifyRevocation and
writing my own DLL to replace the default behaviour. Basically I
have a third party Authentication Server which provides Path building
and Revocation services, therefore I want all clients to utilise my
server.

1) I have written a configuration app which points to the URL of the
Server (DONE)
2) I have written the DLL which CAPI calls i.e. CertVerifyRevocation()
and it's called as the first default provider (DONE)
3) Tested sending X509 Certificates to the Authentication server over
SOAP (DONE)
4) Support for passing PKCS#7 certificates - ummm problem.

How do I get the X509 Certificates from the PKCS#7?

I also have an issue where the authentication server can only test a
SINGLE certificate at a time - hence I need to get each cert and send
it separately (and then process the responses in turn - this is crap,
and I fully intend to address this when I can sort this issue out, I
just need a proof of concept example).

What I have gathered so far:

CryptQueryObject - I think this can help me - but seems tied to
system stores. I want to get the PKCS#7 and extract the X509
Certificates from it, then send them to the authentication server for
revocation checking (path building is performed by default (which is
also not ideal)) - I have digressed here a little, but I'm trying to
give a better overview of the issue I face and why I need such a
solution.

I would be grateful for any advice on this.

Also, I cannot guarantee that I have CAPICOM available on the client
machines, therefore a solution does have to be provided via VC 2005
standard Crypto libraries.

I look forward to any suggestions....cheers in advance.
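
Added example (not part of the thread, and not CAPICOM or CryptoAPI code): a PKCS#7 certificate bundle is a DER `ContentInfo` of type signedData whose optional `certificates [0]` field holds the X.509 certificates back to back, so a small bounds-checked walker can hand them out one at a time. The names `cert_ref`, `p7_list_certs` and `SAMPLE_P7` are hypothetical, the sample bytes are constructed placeholders, and the code assumes binary DER input (no base64/PEM wrapping, no BER indefinite lengths).

```c
#include <stddef.h>
#include <string.h>

typedef struct { const unsigned char *der; size_t len; } cert_ref;

/* Parse one DER header in p[0..n): returns its size, or 0 if malformed or truncated. */
static size_t der_hdr(const unsigned char *p, size_t n, unsigned char *tag, size_t *len) {
    size_t k = 2, nb, i;
    if (n < 2) return 0;
    *tag = p[0]; *len = p[1];
    if (p[1] & 0x80) {                         /* long form: nb length bytes follow */
        nb = p[1] & 0x7f;
        if (nb == 0 || nb > 4 || n < 2 + nb) return 0;  /* BER indefinite length rejected */
        for (*len = 0, i = 0; i < nb; i++) *len = (*len << 8) | p[2 + i];
        k = 2 + nb;
    }
    return *len <= n - k ? k : 0;              /* value must fit inside the buffer */
}
/* Require tag `want`, then descend into the element (enter=1) or skip it (enter=0). */
static int step(const unsigned char **p, size_t *n, unsigned char want, int enter) {
    unsigned char tag = 0; size_t len = 0, h = der_hdr(*p, *n, &tag, &len);
    if (!h || tag != want) return 0;
    *p += h;
    if (enter) *n = len; else { *p += len; *n -= h + len; }
    return 1;
}
/* Returns how many certificates the blob holds (first `max` stored in out), -1 on error. */
int p7_list_certs(const unsigned char *p, size_t n, cert_ref *out, int max) {
    static const unsigned char oid[] = {6,9,0x2A,0x86,0x48,0x86,0xF7,0x0D,1,7,2}; /* signedData */
    unsigned char tag = 0; size_t len = 0, h; int count = 0;
    if (!step(&p, &n, 0x30, 1)) return -1;                           /* ContentInfo */
    if (n < sizeof oid || memcmp(p, oid, sizeof oid)) return -1;
    p += sizeof oid; n -= sizeof oid;
    if (!step(&p, &n, 0xA0, 1) || !step(&p, &n, 0x30, 1)) return -1; /* [0] -> SignedData */
    if (!step(&p, &n, 0x02, 0) || !step(&p, &n, 0x31, 0) || !step(&p, &n, 0x30, 0))
        return -1;                          /* version, digestAlgorithms, contentInfo */
    if (n == 0 || p[0] != 0xA0) return 0;   /* optional certificates field absent */
    if (!step(&p, &n, 0xA0, 1)) return -1;
    while (n > 0) {                         /* each SEQUENCE here is one X.509 certificate */
        if (!(h = der_hdr(p, n, &tag, &len))) return -1;
        if (tag == 0x30) { if (count < max) { out[count].der = p; out[count].len = h + len; } count++; }
        p += h + len; n -= h + len;
    }
    return count;
}
/* Constructed sample: signedData with two placeholder SEQUENCEs, not real certificates. */
static const unsigned char SAMPLE_P7[] = {
    0x30,0x2F, 6,9,0x2A,0x86,0x48,0x86,0xF7,0x0D,1,7,2, 0xA0,0x22, 0x30,0x20, 2,1,1, 0x31,0,
    0x30,0x0B,6,9,0x2A,0x86,0x48,0x86,0xF7,0x0D,1,7,1, 0xA0,0x0A, 0x30,3,2,1,1, 0x30,3,2,1,2, 0x31,0 };
```

Each `cert_ref` points into the caller's buffer, so the PKCS#7 blob must stay allocated while the individual certificates are sent on for checking.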


